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DETAILED ACTION 

Applicant's election without traverse of group III (claims 10-39) in the reply filed 
on 8/28/2006 is acknowledged. Claims 1-2, 4-9, and 40 are withdrawn from 
consideration. Any well known art statements made in the prior office action that were 
not specifically and adequately traversed by applicant are taken as admittance of prior 
art as per MPEP 2144.03. 

Information Disclosure Statement 

As per the IDS submitted on 7/13/2006, document 389016 to Lin was not 
considered because the examiner was unable to find a US patent document with the 
document number given. Applicant is urged to double check the document number to 
make sure that it is the correct US patent document number. All other documents listed 
were considered. 

Response to Amendment and Arguments 

Applicant's amendments to the claims were fully considered. Applicant's 
arguments were also fully considered, but are moot in view of new rejections presented 
below. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 
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Claims 13-15, 21-22, 27-28, and 34-36 are rejected under 35 U.S.C. 101 
because the claimed invention is directed to non-statutory subject matter. 

Using claim 13 as an example, claim 13 is a claim to an apparatus comprising 
means for performing various steps of a method (the method of claim 10). As 
evidenced by claim 16, the means being claimed are instructions, i.e. software. As 
such, claim 13 is directed towards an apparatus that is software per se, which is not 
statutory. Claims 14-15, 21-22, 27-28, and 34-36 are also directed towards apparatuses 
that are software per se as the means recited in the claims are implemented as 
instructions, i.e. software. The claimed apparatuses must comprise at least one 
component that is hardware to overcome the 101 rejections for the claims. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 10, 13, and 16 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Arnold (US 5,787,172) in view of Aoki (US 6,745,530). 
Claims 10, 13, and 16: 

As per claim 10, Arnold discloses the following limitations were will known in the 
art at the time applicant's invention was made: 

1 . Generating a client message at the client (col 2, lines 9-24). 
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2. Retrieving an embedded server public key from a memory structure in an article 
of manufacture (col 2, lines 9-24). 

3. Encrypting the client message with the embedded server public key (col 2, lines 
9-24). 

4. Sending the client message to the server (col 2, lines 9-24). 

Arnold does not explicitly disclose that in the prior art he discusses, the memory 
structure is read-only memory. Arnold also does not explicitly disclose the article of 
manufacture is in the client, the read-only memory structure having an embedded client 
private key, the embedded server public key and the embedded client private key not 
being related by a public/private key pair relationship, the embedded client private key 
being associated with a client public key stored exclusively outside the client. 

However, Arnold discloses read-only memory being used to store keys (col 4, 
lines 14-17). At the time applicant's invention was made, it would have been obvious to 
one skilled in the art to modify the prior art teachings disclosed by Arnold so that the 
memory structure used to store keys was read-only memory structure. One skilled 
would have been motivated to do so because one skilled would appreciate that utilizing 
read-only memory to store keys would allow key information to be retained even if the 
device containing the memory were to lose power. One skilled would also be motivated 
to do so because use of read-only memory to store the keys prevents tampering with 
information stored in -the memory, thus providing better security (Arnold: col 4, lines 36- 
40). 
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Further, Davis discloses the article of manufacture is in the client, the memory 
structure having an embedded client private key, the embedded server public key and 
the embedded client key not being related by a public private key pair relationship, the 
embedded client private key being associated with a client public key stored exclusively 
outside the client (Fig 1 , item 200). Note that in the figure cited, the client has stored in 
memory the client's private key, i.e. individual private key, and a server's public key, but 
no client public key. As the client does not store the client's public key, the client's 
public key is stored exclusively outside the client. The private key of the client and the 
server's public key are not related by a public/private key pair relationship as they do 
not have an inverse relationship with one-another, i.e. plaintext encrypted by one cannot 
be decrypted by the other. 

At the time applicant's invention was made, it would have been obvious to one 
skilled in the art to modify the client/server system disclosed by Aoki to use the secure 
communication techniques taught by Arnold (what he reveals was known in the prior art 
as well as what his own invention uses) such that a method as recited in claim 10 is 
implemented. One skilled would have been motivated to do so because it would allow 
Aoki's network system to establish a private and secure link between the clients and 
server of his invention for secure communication (Arnold: col 2, lines 23-24 and 43-44). 

Claim 13 is directed towards an apparatus comprising means for implementing 
the method of claim 10 while claim 16 is directed towards a computer program product 
comprising instructions for implementing the method of claim 16. As such, claims 13 
and 16 are rejected for substantially the same reasons given for claim 10. 
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Claims 11, 14, and 17 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Arnold (US 5,787,172) in view of Aoki (US 6,745,530) and further in 
view of Sandhu et al (US 2002,0078344). 
Claims 11, 14, and 17: 

As per claims 11, 14, and 17, the combination of Arnold and Aoki discloses 
embedded client private key in a memory structure in an article of manufacture in the 
client (Aoki: Fig 1, item 200); the memory structure being read-only memory (Arnold: col 
4, lines 14-17); and retrieving the client private key from the client's memory (Arnold: col 
2, lines 25-41). 

Arnold and Aoki do not explicitly disclose retrieving client authentication data; 
encrypting the client authentication data with the embedded client private key; and 
storing the encrypted client authentication data in the client message. However, these 
limitations are disclosed by Sandhu (paragraph 28). 

At the time applicant's invention was made, it would have been obvious to one 
skilled in the art to further modify Arnold and Aoki's combination invention according to 
the limitations recited in claims 11, 14, and 17 in light of Sandhu's teachings. One 
skilled would have been motivated to do so because it would provide client-side 
authentication (paragraph 28), thus making communication between the client and 
server more secure. Note that Arnold discusses authentication being desired objective 
for secure communication since before the time of his invention (col 2, lines 43-48). 
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Claims 12, 15, 18, 25, 27, 29, 26, 28, and 30 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Arnold (US 5,787,172) in view of Aoki (US 6,745,530) and 
further in view of Sandhu et al (US 2002,0078344) and further in view of Davis (US 
5,970,147). 

Claims 12, 15, and 18: 

As per claims 12, 15, and 18, Arnold, Aoki, and Sandhu do not explicitly disclose 
retrieving an embedded client serial number from a read-only memory structure in an 
article of manufacture in the client; and storing a copy of the embedded client serial 
number in the client message. However, these limitations are disclosed by Davis (col 4, 
lines 26-39; col 5, lines 58-62; and col 6,lines 27-29). 

At the time applicant's invention was made, it would have been obvious to one 
skilled in the art to further modify the combination invention of Arnold, Aoki, and Sandhu 
according to the limitations recited in claims 12, 15, and 18. One skilled would have 
been motivated to do so because the client sending the serial number to the server 
alone with its message would allow the server to index various clients' public keys to the 
client's serial number, thus providing for a way for the server to look up the client key 
needed to authenticate the client's message. 
Claims 25, 27, and 29: 
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As per claims 25, 27, and 29, the limitations recited therein are directed towards 
the server receiving and processing the message sent using the method, apparatus, 
and computer program product of claims 12, 15, and 18 respectively. One skilled would 
appreciate that a message sent by a client according to the limitations recited in claims 
12, 15, and 18 would be processed by the server according to the limitations recited in 
claims 25, 27, and 29, thus the rejections for claims 25, 27, and 29 flow from the 
rejections of claims 12, 15, and 18 respectively. 
Claims 26, 28, and 30: 

As per claims 26, 28, and 30, the limitations recited therein are directed towards 
the server processing the authentication data sent by the client using the method, 
apparatus, and computer program product of claims 11, 14, and 17 respectively. One 
skilled would appreciate that a message sent by a client according to the limitations 
recited in claims 11, 14, and 17 would be processed by the server according to the 
limitations recited in claims 26, 28, and 30, thus the rejections for claims 26, 28, and 30 
flow from the rejections of claims 11, 14, and 17 respectively. 



Claims 19, 21, 23, 31, 34, and 37 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Arnold (US 5,787,172) in view of official notice by the examiner and 
further in view of Aoki (US 6,745,530). 
Claims 19, 21, and 23: 
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As per claim 19, Arnold discloses the following limitations were will known in the 
art at the time applicant's invention was made: 

1 . Generating a server message at the server (col 2, lines 9-24). 

2. Retrieving a client's public key (col 2, lines 9-24). 

3. Encrypting the server message with the client's public key (col 2, lines 9-24). 

4. Sending the server message to the client (col 2, lines 9-24). 

Note that the cited portion of Arnold discloses communication between two 
elements A and B. One skilled should appreciate that both A and B can be either a 
client and/or server. 

Arnold does not explicitly disclose that the prior art he discusses teach the 
following limitations: 

1 . Retrieving information that was requested by the client. 

2. Storing the retrieved information in the server message. 

3. Wherein the client public key corresponds to an embedded client private key in a 
read-only memory structure in an article of manufacture in the client, and the 
client public key is stored exclusively outside the client. 

However, that Arnold also discloses read-only memory being used to store keys 
(col 4, lines 14-17). At the time applicant's invention was made, it would have been 
obvious to one skilled in the art to modify the prior art teachings disclosed by Arnold so 
that the memory structure used to store keys was read-only memory structure. One 
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skilled would have been motivated to do so for the same reasons given in the rejection 
of claims 10, 13, and 16. 

Further, the examiner take official notice that retrieving information that was 
requested by the client and storing the retrieved information in the server message was 
well known in the art at the time applicant's invention was made. Note that these 
limitations were also discussed as being well known in the art at the time applicant's 
invention was made in the prior office action. 

Further, Aoki disclose wherein the client public key corresponds to an embedded 
client private key in a memory structure in an article of manufacture in the client, and the 
client public key is stored exclusively outside the client (Fig 1, item 200). 

At the time applicant's invention was made, it would have been obvious to one of 
ordinary skill in the art to combine the above teachings to arrive at an invention as 
recited in claims 19, 21, and 23. One skilled would have been motivated to incorporate 
Arnold's teachings with Aoki's client/server system for the same reasons discussed 
above in claims 10, 13, and 16. One skilled would have been motivated to incorporate 
the teachings the examiner took official notice on because these teachings describe 
typical client-server relationship, i.e. a client requests information being "served" by the 
server, the server retrieves the requested information, and sends it to the client via a 
server message provided that the client is authorized to receive the information. 
Claims 31, 34, and 37: 

As per claims 31, 34, and 37, the limitations recited therein are directed towards 
the client receiving and processing the message sent by the server using the method, 
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apparatus, and computer program product of claims 19, 21, and 23 respectively. One 
skilled would appreciate that a response message sent by a server according to the 
limitations recited in claims 19, 21, and 23 would be processed by the client according 
to the limitations recited in claims 25, 27, and 29, thus the rejections for claims 31, 34, 
and 37 flow from the rejections of claims 19, 21 , and 23 respectively. 



Claims 20, 22, 24, 32, 35, 38, 33, 36, and 39 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Arnold (US 5,787,172) in view of official notice by the 
examiner and further in view of Aoki (US 6,745,530) and further in view of Sandhu et al 
(US 2002,0078344). 
Claims 20, 22, and 24: 

As per claims 20, 22, and 24, Arnold discloses retrieving a server private key 
(Arnold: col 2, lines 25-41). 

Arnold does not explicitly disclose retrieving server authentication data; 
encrypting the server authentication data with the server private key; and storing the 
encrypted server authentication data in the server message. However, these limitations 
are disclosed by Sandhu (paragraph 27). 

At the time applicant's invention was made, it would have been obvious to one of 
ordinary skill in the art to further modify the Arnold's invention according to the 
limitations recited in claims 20, 22, and 24. One skilled would have been motivated to 
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do so because it would provide server-side authentication (paragraph 27), which would 
make communication between the client and server more secure. 
Claims 32, 35, and 38: 

As per claims 32, 35, and 38, the limitations recited therein are directed towards 
the client receiving and processing the message sent by the server using the method, 
apparatus, and computer program product of claims 20, 22, and 24 respectively. One 
skilled would appreciate that a response message sent by a server according to the 
limitations recited in claims 20, 22, and 24 would be processed by the client according 
to the limitations recited in claims 32, 35, and 38, thus the rejections for claims 32, 35, 
and 38 flow from the rejections of claims 20, 22, and 24 respectively. 
Claims 33, 36, and 39: 

As per claims 33, 36, and 39, Arnold does not explicitly disclose retrieving 
requested information form the server message; and in response to a determination that 
the decrypted authentication data was verified, processing the requested data. 
However, the examiner take official notice that the limitations were well known in the art 
at the time applicant's invention was made. Note that these limitations were also 
discussed as being well known in the art at the time applicant's invention was made in 
the prior office action. These limitations describe a typical client-sever relationship. A 
client typically requests information from a sever, the server receives the request, and if 
the client is authorized to receive the information the server sends the information to the 
client who receives the requested information via the server's reply message. The 
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client typically only processes the information sent by the server if the decrypted 
authentication data was verified for security purposes. 

At the time applicant's invention was made, it would have been obvious to one 
skilled in the art to further modify Arnold's invention according to the limitations recited 
in claims 33, 36, and 39. One skilled would have been motivated to do so because the 
limitations further recited in claims 33, 36, and 39 describe a typical client-server 
relationship. 



Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Fink et al (US 6,574,729) discloses a server storing machine id 
numbers for fast indexing. Other prior art of record made of record and not relied upon 
which are considered pertinent to applicant's disclosure can be found in the attached 
PTO-982 form. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ponnoreay Pich whose telephone number is 571-272- 
7962. The examiner can normally be reached on 9:00am-4:30pm Mon-FrL 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or. Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Ponnoreay Pich 
Examiner 
Art Unit 2135 
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